| 210851 | 6.1 | MEDIUM | Network | sae-it | net-line_fw-50_firmware | SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is serve… | CWE-79 Cross-site Scripting | CVE-2020-10630 | 2024-11-21 13:55 | 2020-05-6 |
| 210852 | 6.5 | MEDIUM | Local | qemu | qemu | A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2020-10717 | 2024-11-21 13:55 | 2020-05-5 |
| 210853 | 5.3 | MEDIUM | Network | samba fedoraproject opensuse | samba fedora leap | A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause de… | CWE-416 Use After Free | CVE-2020-10700 | 2024-11-21 13:55 | 2020-05-5 |
| 210854 | 4.7 | MEDIUM | Network | redhat | keycloak | A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post… | NVD-CWE-Other | CVE-2020-10686 | 2024-11-21 13:55 | 2020-05-5 |
| 210855 | 7.8 | HIGH | Local | lcds | laquis_scada | LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users | NVD-CWE-noinfo | CVE-2020-10622 | 2024-11-21 13:55 | 2020-05-5 |
| 210856 | 5.5 | MEDIUM | Local | lcds | laquis_scada | LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. | CWE-200 Information Exposure | CVE-2020-10618 | 2024-11-21 13:55 | 2020-05-5 |
| 210857 | 9.8 | CRITICAL | Network | dom4j_project oracle opensuse netapp canonical | dom4j insurance_policy_administration_j2ee insurance_rules_palette retail_integration_bus webcenter_portal utilities_framework flexcube_core_banking business_process_management_s… | dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing ho… | CWE-611 XXE | CVE-2020-10683 | 2024-11-21 13:55 | 2020-05-2 |
| 210858 | 5.2 | MEDIUM | Local | redhat | ansible_engine ansible_tower | An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is cr… | CWE-22 Path Traversal | CVE-2020-10691 | 2024-11-21 13:55 | 2020-05-1 |
| 210859 | 7.5 | HIGH | Network | json_project fedoraproject opensuse debian apple | json fedora leap debian_linux macos | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, … | CWE-20 Improper Input Validation | CVE-2020-10663 | 2024-11-21 13:55 | 2020-04-29 |
| 210860 | 7.5 | HIGH | Network | inductiveautomation | ignition_gateway | An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk s… | CWE-306 Missing Authentication for Critical Function | CVE-2020-10641 | 2024-11-21 13:55 | 2020-04-29 |